Archive | October, 2004

Microsoft Patches ASP.Net Problem in Record Time

Microsoft Patches ASP.Net Problem in Record Time. Two days after it acknowledged a potential security problem with its ASP.Net Web-development platform, Microsoft quietly posted to its Web site for download a fix for the problem. [Microsoft Watch from Mary Jo Foley]

Bravo.

Dell laptop power adaptors 1998 – 2002 recall

Millions of Dell power adapters recalled. The Taiwan-made AC adapters sold with Dell notebooks can overheat, posing risk of fire and electrical shock. [CNET News.com]

Hot stuff. Mine says “Made in Thailand” but by Delta Electronics and with the correct part number. When I went to visit http://www.delladapterprogram.com/ to check if my machine was affected, I got a “Server not available” and “Server Application Unavailable.” Perhaps Windows 2000 wasn’t a good choice of OS for the inevitable SlashDotting.

Windows server at FAA crashes every 49.7 days unless ‘maintained’ (rebooted)

Doc Searls asks, “Did the air traffic control center really have a ‘Microsoft server crash’?” This looks like an incredible use of a 32-bit counter of milliseconds that overflows every 49.7 days, without a built-in feature to reset it. The “neglected maintenance” is likely a reboot of the system. Now ask yourself: Do you really want to be at 35,000 feet when they reboot the air traffic control system?

The list of Microsoft Knowledge base articles that refer to various (or the same) incarnation of this bug are scary:

SNMP SysUpTime Counter Resets After 49.7 Days

Computer Hangs After 49.7 Days

“PING -T” Stops Timing Out After 50 Days

Print Spooler Stops Scheduling Print Jobs

The Rpcss.exe process consumes 60 percent of CPU time and performance is affected

X-Duration Values Are Larger Than Expected in Windows Media Server Log

Windows 2000 Terminal Services Time-Out Setting Limits

Contents of the Microsoft Windows 98 System Update

List of Bugs Fixed in Windows NT 4.0 and Terminal Server Edition Service Pack 4 (Part 1)

You might be able to spot Microsoft the Windows 95 and 98 systems; who would have ever expected 50-day reliability out of those systems? NT 4.0 is a little more worrisome, as the bug had been documented for some time before the release of NT 4.0, I think. But for Windows 2000? The RPCSS and print spooler bugs are not documented as fixed in a later service pack, but only in a hot fix, although this may be a documentation issue. That is truly disturbing if such a known issue is still sitting around to bite programmers.
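How a 32-bit millisecond counter bites a timeout check near the 49.7-day wrap, and the subtraction idiom that survives it. This is an added example, not code from the original post or from Microsoft; the `tick_ms` type, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for a 32-bit millisecond uptime counter. */
typedef uint32_t tick_ms;

/* Days until a 32-bit millisecond counter wraps: 2^32 ms / 86,400,000 ms per day. */
double wrap_period_days(void) {
    return 4294967296.0 / 86400000.0;
}

/* Fragile: computes an absolute deadline. start + timeout can wrap to a
   small value (check fires early), or now can wrap past a large deadline
   (check stays false until the counter climbs back, up to ~49.7 days). */
int expired_fragile(tick_ms start, tick_ms now, tick_ms timeout) {
    tick_ms deadline = start + timeout;
    return now >= deadline;
}

/* Wrap-safe: unsigned subtraction is modulo 2^32, so now - start is the
   real elapsed time provided fewer than 2^32 ms have actually passed. */
int expired_safe(tick_ms start, tick_ms now, tick_ms timeout) {
    return (tick_ms)(now - start) >= timeout;
}

int main(void) {
    tick_ms start = UINT32_MAX - 999u;   /* constructed: 1 s before the wrap */
    tick_ms samples[] = { 100u, 2000u, 6000u };  /* real elapsed ms */
    printf("wrap period: %.2f days\n", wrap_period_days());
    for (int i = 0; i < 3; i++) {
        tick_ms now = start + samples[i];   /* wraps for 2000 and 6000 */
        printf("elapsed=%4u ms  5 s timeout: fragile=%d safe=%d | "
               "0.5 s timeout: fragile=%d safe=%d\n",
               (unsigned)samples[i],
               expired_fragile(start, now, 5000u), expired_safe(start, now, 5000u),
               expired_fragile(start, now, 500u),  expired_safe(start, now, 500u));
    }
    return 0;
}
```

The fragile check reports a 5-second timeout as expired after 100 ms, and reports a 0.5-second timeout as still pending after 2 seconds, which is the shape of the hang and stalled-scheduler symptoms in the article titles listed above.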

I’d really like to know how and why Harris Corporation was allowed to replace UNIX machines that did not have these problems with Windows machines where this was a known issue, and roll them out into the FAA’s production systems, no less. That this was a documented issue is not an acceptable excuse, as the incident last month demonstrated, fortunately without the loss of life.

Security flaw in older versions of MS Office…

[CNET News.com] is reporting Flaw found in older Office versions.

“A security company warned Thursday that a flaw in Microsoft Office could allow a denial-of-service attack to be executed on systems running somewhat older versions of the popular productivity suite.

Secunia issued an advisory saying a buffer overrun flaw has been found in Office 2000, and potentially also in Office XP, that could allow hackers to take over a user’s system. The company rated the flaw as “highly critical.”

The security firm said that vulnerability is caused by an error in the way Microsoft Word manages input when parsing document files. It said the flaw could be exploited through a specially-crafted document and recommends that, until a fix is found, users only open trusted Word documents.”

Reminder: only open trusted attachments. Reminder 2: there are no trusted attachments.

Never open a document you are not expecting. Confirm all unexpected documents with the sender before opening.

Better yet, send documents as text or RTF if the recipient really doesn’t need all the features of a word processing document.

I wonder how OpenOffice.org would work with one of these broken documents…

FireFox security update

And speaking of FireFox, if you are running the latest 1.0 Preview Release, make sure to update with the latest security bug fix. Read the instructions carefully: the fix takes but a second: http://www.mozilla.org/press/mozilla-2004-10-01-02.html

Hacking the LinkSys WRT-54G

LinkSys manufactures a router-switch-wireless access point that’s a spiffy little computer on top of being a cute computer peripheral. The machine sports a 200 MHz ARM processor, 4 Mb of Flash RAM and 8 Mb of RAM. (Their new GS models double both of these.) It is managed via a web interface. Not surprisingly, the device runs Linux. Since they base their code on Linux, the GNU Public License requires them to publish the source code as well. Naturally, this leads to third parties offering enhancements and replacements. Cool stuff includes:

  • Sveasoft offers a replacement with the BusyBox command shell, DropBear SSH server and dozens of other tools, as well as many bug fixes.
  • BatBox is a set of add-on tools for the standard LinkSys firmware
  • Folks at SeattleWireless.net document the router on their wiki and have a fascinating website about creating community wireless nets. They also highlight NoCatSplash, an “Open Public Network Gateway Daemon” in case you plan to offer a community site with a sign-on or “I Agree” click-through.
  • OpenWrt takes a different tack, offering a base distribution on top of which you can customize your own tools
  • Portless Networks offer their eWrt distribution, a fork from an earlier version of the Sveasoft software, with a goal of developing a stable distribution for ISPs and other network providers.
  • HyperWRT focuses on boosting the broadcast power, a great idea if you are not in a dense urban environment and want maximum broadcast range

So, why would you hack a working appliance just to put your own custom software on it? 1) It’s cool. 2) Bug fixes 3) More features 4) Why not?

Another convert to FireFox

Why I dumped Internet Explorer. “CNET News.com’s Charles Cooper confesses that he’s a Firefox convert and not at all nostalgic for the old days.” From CNET News.com. Great quotes from the article:

“After months waiting for Microsoft to give me a reason to remain loyal, I finally dumped Internet Explorer for the Firefox Web browser last week.”

“There is one major change you can ascribe to Internet Explorer: The PC browser world is in much worse shape. Because management took so long to tackle Internet Explorer’s security woes, Microsoft allowed virus writers to exploit vulnerabilities in the browser and wreak untold havoc on unsuspecting computer users.”


This work by Ted Roche is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 United States.